流谱理论及其在网络防御中的应用  被引量：3

作　　者：郭世泽 吕仁健 何明枢 张杰 俞赛赛 GUO Shize;LüRenjian;HE Mingshu;ZHANG Jie;YU Saisai(School of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100876,China;School of Electronic Engineering,Beijing University of Posts and Telecommunications,Beijing 100876,China;No.30 Institute of China Electronics Technology Group Corporation,Chengdu 610041,China)

机构地区：[1]北京邮电大学网络空间安全学院,北京100876 [2]北京邮电大学电子工程学院,北京100876 [3]中国电子科技集团公司第三十研究所,成都610041

出　　处：《北京邮电大学学报》2022年第3期19-25,共7页Journal of Beijing University of Posts and Telecommunications

基　　金：国家自然科学基金面上项目(62071056)。

摘　　要：在网络数据处理和分析过程中,针对传统方法存在的观测量大、可解释性差、特征分离难度高等问题,提出了将网络流数据从原始“流”空间映射至“流谱”空间基本方法,满足网络行为的可解释性、可观测、可表达、可处置要求,从而能够更好地完成下游任务。基于高维目标低秩化的矩阵压缩原理,实现了对数据的低维描述,完成了原始网络流从“流”到数据特征矩阵的映射。通过矩阵论、信息论、度量空间相关理论,建立了多个尽可能同构表达的基底谱空间,完成特征矩阵在“谱”空间的可分离同构映射。通过“流谱”对背景网络流、网络威胁、恶意攻击、异常行为进行刻画,应用在网络防御中,提升了网络空间的防御能力,为网络空间防御体系提供了新的思路。In the process of network data processing and analysis, to solve the problems of large observation, poor interpretability and high difficulty of feature separation in traditional methods, the basic method of mapping network flow data from the original “flow” space to the “flow spectrum” space is proposed. The proposed method satisfies and thus the requirements of interpretability, observability, express ability and disposal of network behavior, and thus the downstream tasks can be weel completed. Based on the matrix compression principle of the low rank of high-dimensional objectives, the low-dimensional description of data is realized, and the mapping of the original network flow from “flow” to data characteristic matrix is completed. Based on matrix theory, information theory and metric space theory, multiple base spectral spaces that are expressed as isomorphically as possible are established to complete the separable isomorphic mapping of a characteristic matrix in “spectral” space. The background network flow, network threat, malicious attack and abnormal behavior are descrebed through the “flow spectrum”, which is applied in network defense to improve the defense ability of cyberspace and provide new ideas for the defense system of cyberspace.

关 键 词：网络流 流谱 网络防御 异常行为分析 威胁表征 

分 类 号：TN911.22[电子电信—通信与信息系统]